RDPBCGR Slow path input not parsed properly


The current version of the parsers incorrectly parse slow path input PDU. It skips the numberEvents and pad2Octets fields, which cases all the other fields to be incorrect. The fix is very simple, and I would edit the code myself, but I don't know how to commit changes on CodePlex. In the rdpbcgr.npl file, replace:
case 28:
                [Property.RDPBCGRPacketType = "TsInputEvent"]
                RDPBCGRTsInputEvent TsInputEvent;
case 28:
                [Property.RDPBCGRPacketType = "TsInputEvent"]
                RDPBCGRTsInputPduData TsInputEvent;
I have tested this on my local copy and this one change fixes the issue.

file attachments

Closed Aug 28, 2012 at 4:19 AM by Jessicawu
Thanks for your reporting this issue, I have reslove the issue and you can get it in sep release.


rachelhu wrote Jul 30, 2012 at 1:59 AM

Thanks for reporting this issue for us. We will do the win8 RDP series protocol alignment for parser during Nov. Then, do the public release. I think you can verify this issue that time.Would you mind to attach the capture you have related with this issue. Thanks a lot.

wrote Jul 30, 2012 at 3:50 AM

felipet1326 wrote Jul 30, 2012 at 3:50 AM

Thanks for replying so quickly. You're welcome. This issue is not related to Windows 8. It happens even when connecting to XP computers. Note that you would probably never see it in practice with mstsc.exe because these packets would be encrypted and/or compressed, but neither is required. Here is a capture containing two frames with valid input data. Open them with the current parsers, then try the change I recommended, and reopen it.
Sorry, this capture has lots of extra baggage, but if I only send you the relevant frames, it doesn't recognize it properly. Frames #131 and 118 among many others, demonstrate the issue.

wrote Aug 28, 2012 at 4:19 AM

Jessicawu wrote Aug 28, 2012 at 9:50 AM

Please get the changeset 81160 to verfy the issue.Thanks!

wrote Feb 21, 2013 at 11:34 PM

wrote May 16, 2013 at 11:14 AM